登录界面输入密码键盘不响应

Have you ever entered the wrong password on your computer by accident and noticed it takes a few moments to respond in comparison to entering the correct one? Why is that? Today’s SuperUser Q&A post has the answer to a curious reader’s question.

您是否曾经无意间在计算机上输入了错误的密码，并且注意到与输入正确的密码相比，它需要花费一些时间来做出响应？ 这是为什么？ 今天的“超级用户问答”帖子回答了一个好奇的读者的问题。

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

今天的“问答”环节由SuperUser提供，它是Stack Exchange的一个分支，该社区是由社区驱动的Q＆A网站分组。

Screenshot courtesy of sully213 (Flickr).

屏幕截图由sully213(Flickr)提供 。

问题 (The Question)

SuperUser reader user3536548 wants to know why there is a longer response time when an incorrect password is entered:

SuperUser阅读器user3536548想知道为什么输入错误密码时响应时间更长：

When you enter a password and it is correct, the response time is practically instantaneous. But when you enter an incorrect password (by accident or having forgotten the correct one), it takes a while (10-30 seconds) before it responds that the password is incorrect.

输入正确的密码后，响应时间几乎是瞬时的。 但是，如果您输入了错误的密码(偶然或忘记了正确的密码)，则需要一段时间(10到30秒)，然后它才会响应密码不正确。

Why does it take so long (relatively) to say that the password is incorrect? This has always bugged me when entering incorrect passwords on Windows and Linux systems (regular and VM-based). I am not sure about Mac OSX since I cannot remember if it is the same (it has been a while since I last used a Mac).

为什么说密码不正确要花这么长时间(相对)？ 在Windows和Linux系统(常规和基于VM)上输入不正确的密码时，这总是困扰我。 我不确定Mac OSX，因为我不记得它是否相同(自从我上次使用Mac以来已经有一段时间了)。

I am asking in the context of a user logging in to the system physically on location rather than through SSH which could conceivably use somewhat different mechanisms to log in (validate credentials).

我是在用户实际在本地而不是通过SSH登录系统的情况下询问的，可以想象使用一些不同的机制来登录(验证凭据)。

Why is there a longer response time when you enter an incorrect password?

输入错误密码后，为什么响应时间更长？

答案 (The Answer)

SuperUser contributor Michael Kjorling has the answer for us:

超级用户贡献者Michael Kjorling为我们提供了答案：

Why does it take so long (relatively) to say that the password is incorrect?

为什么说密码不正确要花这么长时间(相对)？

It does not. Or rather, it does not take the computer any longer to determine that your password is incorrect compared to it being correct. The work involved for the computer is, ideally, exactly the same. Any password verification scheme that takes a different amount of time based on whether the password is correct or incorrect can be exploited to gain knowledge, however small, of the password in less time than would otherwise be the case.

它不是。 确切地说，与正确的密码相比，它不再需要计算机确定您的密码是错误的。 理想情况下，计算机所涉及的工作是完全相同的。 可以利用基于密码是正确还是不正确而花费不同时间量的任何密码验证方案来以比其他情况更少的时间获得密码知识，无论该密码多么小。

The delay is an artificial delay to make repeatedly trying to gain access by using different passwords infeasible, even if you have some idea of what the password is and automatic account lockout is disabled (which it should be in most scenarios as it would otherwise allow for a trivial denial of service against an arbitrary account).

延迟是人为延迟，即使您对密码是什么，并且已禁用自动帐户锁定(在大多数情况下应该是这种情况，因为它会允许针对任意帐户的小额拒绝服务)。

The general term for this behavior is tarpitting. While the Wikipedia article talks more about network service tarpitting, the concept is generic. The Old New Thing is not an official source either, but the article “Why does it take longer to reject an invalid password than to accept a valid one?” does talk about this (near the end of the article).

这种行为的总称是柏油 。 虽然Wikipedia文章更多地讨论了网络服务的tarpitting，但是这个概念是通用的。 老旧事物也不是官方消息，而是文章“ 为什么拒绝无效密码比接受有效密码要花更长的时间？ ”确实谈论了这一点(在文章结尾附近)。

Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.

有什么补充说明吗？ 在评论中听起来不错。 是否想从其他精通Stack Exchange的用户那里获得更多答案？ 在此处查看完整的讨论线程 。

翻译自: https://www.howtogeek.com/217649/why-does-it-take-longer-for-a-computer-to-respond-to-an-incorrect-password-versus-a-correct-one/

登录界面输入密码键盘不响应